This Week in Crypto Hacks: CrediX Claims To Recover $4.5M After Striking Deal With Attacker

ccn.com | Published 2025-08-03 | Last updated 2025-08-05

Key Takeaways
  • Sonic-based decentralized yield aggregator CrediX was hacked for $4.5 million.
  • The attack took advantage of vulnerabilities in the platform’s access controls.
  • The team behind the platform claims to have negotiated for the hacker to return stolen funds.

On Monday, Aug. 4, Sonic-based loan and yield aggregator CrediX suffered a $4.5 million loss after a hacker accessed crucial admin controls that let them drain funds from the platform.

Following the attack, CrediX announced on X that an agreement for the return of the funds had been reached with the hacker.

CrediX Hack: What Happened?

Barely a month after its launch, CrediX was exploited in an attack that took advantage of vulnerabilities in the platform’s access controls.

According to an analysis by Halborn, six days before the theft occurred, the hacker used their access to grant themself a broad set of permissions.

Using these, they minted unbacked acUSDC tokens, which they swapped for real USDC before bridging it to Ethereum and laundering via Tornado Cash.

In response, CrediX’s administrators took the website down to prevent further deposits and urged users to withdraw funds via smart contracts.

Hacker Agrees To Return Funds

On Tuesday, CrediX announced on X that the exploiter had agreed to return the stolen funds within 48 hours. In return, they will receive money paid from the CrediX treasury, which is segregated from users’ assets.

Affected users will be airdropped their share of the returned funds, the post said. “We apologize for how this turned out and the distress caused to the Sonic community and our users,” it added.

The attacker eventually agreed to return all $4.5 million. The platform called it a “successful parley” in its social media post but did not share the terms of the deal or the identity of the attacker.

An Inside Job?

While little is known about CrediX’s founders, the nature of the recent hack raises the possibility of it being an inside job.

Access control systems for decentralized protocols are typically tightly restricted, and permissions are usually only granted to trusted team members or multisig wallets.
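An added example, not CrediX's or Halborn's code: a minimal monitor for the two signals in the sequence described above, a privileged role granted to an account outside the approved set and a mint with no matching deposit. The event format, role names, addresses and allowlist are constructed for illustration; only the six-day gap and the $4.5 million figure mirror the article.

```python
from dataclasses import dataclass

# Constructed allowlist: the only accounts expected to hold privileged roles
# (for example the protocol's multisig). Hypothetical placeholder address.
APPROVED_ADMINS = {"0xMULTISIG"}

@dataclass
class Event:
    day: int          # days since monitoring began (constructed timeline)
    kind: str         # "role_granted", "deposit" or "mint"
    account: str      # grantee, depositor or minter
    amount: int = 0   # token units for deposit/mint
    role: str = ""    # role name for role_granted (hypothetical names)

def audit(events):
    """Return alerts for unapproved role grants and unbacked mints."""
    alerts = []
    granted_on = {}   # account -> day it first received a role
    backing = 0       # deposited units not yet matched by minted tokens
    for ev in sorted(events, key=lambda e: e.day):  # stable: same-day order kept
        if ev.kind == "role_granted":
            granted_on.setdefault(ev.account, ev.day)
            if ev.account not in APPROVED_ADMINS:
                alerts.append((ev.day, "UNAPPROVED_ROLE_GRANT", ev.account, ev.role))
        elif ev.kind == "deposit":
            backing += ev.amount
        elif ev.kind == "mint":
            shortfall = ev.amount - backing
            backing = max(backing - ev.amount, 0)
            if shortfall > 0:
                # Days between the minter's first role grant and this mint, if any.
                age = ev.day - granted_on[ev.account] if ev.account in granted_on else None
                alerts.append((ev.day, "UNBACKED_MINT", ev.account, (shortfall, age)))
    return alerts

# Constructed sample events; not real on-chain data.
SAMPLE = [
    Event(0, "role_granted", "0xMULTISIG", role="POOL_ADMIN"),
    Event(1, "deposit", "0xUSER1", amount=1_000),
    Event(1, "mint", "0xUSER1", amount=1_000),
    Event(2, "role_granted", "0xNEW", role="BRIDGE"),
    Event(8, "mint", "0xNEW", amount=4_500_000),
]

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print(alert)
```

The first alert fires on the day of the grant, which in the constructed timeline is six days before the unbacked mint.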

Users on CrediX’s Telegram Channel have speculated that the alleged hack was, in fact, a rug pull.

At the time of writing, assets had not been reimbursed as promised in CrediX’s X post.

Meanwhile, many users reported being unable to withdraw funds via smart contract due to insufficient liquidity in certain pools.
